How to keep legacy systems from becoming liabilities

By Kathleen Hickey

Mar 04, 2015

While plenty of public sector IT systems are moving to the cloud, legacy systems are still the workhorses of many agency IT operations. But greater computing demand from government transparency and mobile or big data programs coupled with frequent technology advances can quickly turn a legacy system into a liability.

A recent report from Washington state creates an enterprise-level modernization roadmap to systematically tackle the problem of updating legacy IT systems.

The report by the Office of the Chief Information Officer (OCIO) examined 45 executive branch agencies. Of the 1,983 IT systems in use, 31 percent were legacy systems, with 55 percent of the legacy systems identified as mission critical. Most of the legacy systems (84 percent) were developed and hosted in-house. Almost half of the legacy systems fell into one of three business areas: financial management, agency specific and licensing/permitting.

The roadmap would be used by the state to mitigate current risks from legacy systems. In order to accomplish that, the state advises that agencies stay current on software versions as well as:

Identify, categorize and analyze their system (application) portfolio.

Determine when to modernize or replace systems.

Determine the best technology modernization approach.

Build a business case to increase the likelihood of funding the project.

Determining what was a legacy system went beyond age and programming language. “Categorizing a system as 'legacy' was not simply a matter of age or programming language, but rather a combination of views into whether that system could be easily updated, resourced/staffed, posed security risk or other agency-specific determinations such as whether it aligned to a desired enterprise technical architecture or introduced unnecessary complexity to overall business processes,” said the report.

Legacy systems pose a Catch-22 for agencies. They remain in use, the report said, because of the costs associated with migrating the systems to a modern platform. But these systems are also expensive to run; they burden the state’s IT infrastructure, and they carry increased risks for data breaches, theft or service disruption.

This is especially true for citizen-facing systems, the report noted, because many of those applications were designed for use only in a secure internal network and not over the Internet.

And while back-office systems, such as core financials, are critically important to the state’s day to day operations, their visibility is much lower, making upgrades a “hard sell,” the report said. As a result, replacement or upgrade of legacy IT systems often comes only when enhancements are made for new business capabilities or when IT staff has time to make improvements.

Until agencies can phase out their legacy systems, the report recommended steps IT managers can take to reduce risk:

Improve documentation, capture system information from departing staff and incrementally rewrite or improve system code when possible.

The OCIO also asked agencies what criteria they used to fund modernization projects resulting in a consolidated list of criteria used by participating agencies. The data included mission alignment, public visibility, risk, alignment to enterprise architecture (such as reducing number of platforms or improving data integration), improving efficiencies and cost savings.

Further, the report noted that modernizing or replacing IT systems is “a moving target. A system that may not be considered legacy this year might become legacy next year due to the pace of technological change, shifting skill set availability and cost, and changing business needs.”

The challenge of maintaining legacy systems is being felt across the public sector. Last year the Texas Department of Information Resources issued its own report and assessment of its legacy systems.